Tremendous Increase in Ads on the Dark Web Offering Access to Corporate Networks
The dark web is home to a thriving illegal marketplace called the dark market. The black market offers cybercriminals a platform to buy and sell illegal goods and services. Such services may include the sale of illegal drugs. Now, ads on the dark web hawk everything, including credit cards and identity cards. Above all, one of the most lucrative items up for sale is access to corporate networks.
The dark web is usually confused with the deep web. Yet, the deep web is all web pages that are unidentifiable by search engines.
So getting access to an organization’s entire network may lead to the following:
- Data exfiltration
- Malware attacks
- Corporate espionage
Security provider Positive Technologies released a report about the issue. They said that the selling of network access continues to grow at an alarming rate.
Increase of Ads on the Dark Web
Cybercriminals can snag network access through various methods. A popular tactic used is account compromises. Whether through admin accounts or regular user accounts, or VPN accounts.
For instance, Positive Technologies analyzed forums on the dark web that provide access to networks. They analyzed them along with ads seeking hackers. Now, these forums have more than eight million registered users.
Over time, ads on the dark web selling access to breached corporate networks show an increase. In fact, Positive Technologies found 707 new ads in 2020. The number was seven times more than that discovered in 2019. Likewise, the first quarter of 2021 alone had 590 new ads.
In each quarter, about $600,000 worth of corporate network access is sold on the darknet. Although that number seems low, the average cost keeps going down. Also, affordable access is usually sold by amateur criminals. Equally important, for the criminals to maintain anonymity, they use the Tor browser and cryptocurrency.
Still, the cost of network access varies depending on some factors. These are:
- Account privileges
- Number of computers to be compromised
- Size of the company
- The target’s revenue
- Other financial aspects
Reports showed that financial institutions and industrial companies are more challenging to hack. So in other words, security matters a lot. Thus, cybercriminals always prefer to target easier victims.
Measures to be taken by Organizations to Protect Themselves
Organizations can apply the following to prevent their network from being compromised.
- Set up up-tight security.
Always install security updates for the software you are using. Other than that, use a strong password policy. For access to critical resources, put in place multifactor authentication.
Moreover, always use modern information security tools. The ones that can instantly detect any anomalies on your network.
- Be alert that your organization can be a target
Never assume that your organization does not interest hackers. Infact, highly motivated and qualified hackers target any company or organization.
- Train organization employees
Teach employees the basics of cybersecurity. The reason being, they don’t fall for social engineering attacks.
- Hire qualified security staff.
Constantly improve and review the qualifications of your information security employees. Also, ensure that they can use security tools effectively. Plus, make sure they can appropriately respond to security incidences.
Note that, as the number of compromised credentials grows, so do malware attacks.